Study: Insiders responsible for 6 in 10 breached patient records in January

Whether malicious or not, insiders remain a major threat to healthcare organizations, according to the monthly Protenus Breach Barometer.
By Bill Siwicki
04:28 PM

Nearly 60 percent of breached patient records in January 2017 were the result of insiders, according to the Protenus Breach Barometer, a monthly snapshot of reported or disclosed breaches impacting the healthcare industry, with data compiled and provided by

January’s health data breaches reinforce the importance of health data security as the need to protect patient data from insiders continues to loom large, healthcare cybersecurity company Protenus said.

2016 averaged one health data breach per day, and 2017 is off to a similar start with 31 health data breaches, the barometer found. There were fewer incidents disclosed in January than December, when there were 36, and far fewer affected patient records, 1,431,449 in December versus 388,307 in January. These numbers are based on incidents either reported to HHS or disclosed in media or other sources during December 2016 and January 2017. Information was available for 26 of those incidents in January.

The majority of breached patient records – 230,044 – were attributable to insider incidents, the barometer found. Five of the nine insider incidents were the result of insider wrongdoing, and four were the result of insider error.

Of 12 hacking incidents disclosed in January, there are numbers for 10, affecting 145,636 patient records. One incident involved an extortion demand from the infamous TheDarkOverlord, who leaked the data when the entity did not pay the demand. A second hacking incident disclosed in January was somewhat unusual, Protenus observed. Although there was no reported ransomware or ransom demand involved, the hacked entity reported that the attack interfered with patient care when data was corrupted and clinics could not access the necessary data for marijuana records and prescriptions.

A third hacking incident disclosed in January involved two sequential breaches: one insider error that exposed patient data followed by an external attack, according to the barometer. Both events stemmed from a misconfiguration of a vendor’s database, Protenus reported. The misconfiguration, which exposed patient data, was detected by researchers, but before the researchers could contact the covered entity to alert them to secure the database, criminals also detected the exposure and hacked the database, wiping it out and leaving a ransom demand, Protenus said.

Of the 31 reported incidents in January, 25 involved healthcare providers, four involved health plans, and two involved third parties, the barometer found.

Also of note: Five breach incidents in January involved paper or film records, according to the barometer.